Bugtraq mailing list archives

Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting

From: sirdarckcat () gmail com
Date: 26 Jan 2007 04:53:42 -0000

Any way, this vulnerability is not dangerous.. because for sending a successful PM request, you need to match the "sid" 
variable, that is impossible to get unless you already have control of the session.

The correct patch must be added in the theme file "PersonalMessage.template.php" at the begining of the code:
$context["to"]=htmlentities($context["to"]);
$context["bcc"]=htmlentities($context["bcc"]);

Greetz!!

Current thread:

SMF "index.php?action=pm" Cross Site-Scripting Advisory (Jan 20)
- Re: SMF "index.php?action=pm" Cross Site-Scripting Lise Moorveld (Jan 26)
- <Possible follow-ups>
- Re: SMF "index.php?action=pm" Cross Site-Scripting lfx4sodas (Jan 22)
- Re: Re: SMF "index.php?action=pm" Cross Site-Scripting alexbove (Jan 22)
- Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting Outlaw (Jan 23)
- Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting sirdarckcat (Jan 26)